Metaverse vs. data privacy: A clash of the titans?

Did you miss a session from the Future of Work Summit? Head over to our Future of Work Summit on-demand library to stream.

It may well be another “clash of the titans”  when the upcoming metaverse – such as we understand it now – meets data privacy. The metaverse wants to harvest new, uncharted personal information, even to the point of noting and analyzing where your eyes go on a screen and how long you gaze at certain products. Data privacy, on the other hand, wants to protect consumers from this incessant cherry-picking.

That, friends, describes the upcoming battle in the future world of harvesting new personal preference information, and companies are already planning on how to monetize this potential bonanza for themselves. One can bet that in the new online economy of the future, plenty of new startups will be lining up on both sides.

“When you talk about going into a virtual or an augmented reality (AR), it’s all about information as power,” said David Nuti, senior VP for North America Channel at Nord Security, an international online security provider. “They don’t create these platforms to feel good about bringing people together. They’re mining information that is sold off to serve you content that is relevant to what you like to do. 

“For example, if I’m in an augmented reality environment, a company may want to serve me an advertisement for a couch because they can see in my augmented environment that my couch is kind of ratty in the background. Through artificial intelligence, they’ll serve me up a color of a new couch that matches the paint on the wall of my house. If I serve up an advertisement, it’s no longer knowing that I’m serving up the advertiser to the person, but how long my eyeballs are focused on that content.”

Charting your eye movements on screen

The value of those few seconds on the screen to advertisers can’t be overstated. The question is: should companies have use of the analytics of that long stare at the new phone you’re thinking about buying, or a new Peloton you’re admiring? If you contend this is an over-the-top invasion of personal space, get with it: that plane left the runway a long time ago. This is all going to depend upon whether a user even wants to enter the metaverse in the first place.

Today, Jan. 28, is international Data Privacy Day, which hopes to highlight the coming struggle within a specific, though arbitrary, 24-hour period. A recent study from NordVPN revealed a whopping 87% of Americans expressed major privacy concerns if Facebook succeeds in creating its proposed metaverse. In fact, half of Americans fear it will be too easy for hackers to impersonate others in this brave and bold new world, thus threatening personal information privacy on an unstoppable basis. 

This is mostly fear of the unknown at the present time since, in the same survey, 55% of Americans hadn’t even heard of the metaverse, let alone know what it entails. In fact, only 14% of those polled said they could explain the metaverse to someone else.

Let’s back up a little and define these terms. Metaverse is the term Meta’s (Facebook) CEO Mark Zuckerberg foisted on the world last October. At a high level, it means the comingling of the real and digital worlds, such that it becomes difficult to ascertain reality from unreality. In this new setting, personal avatars are quickly expected to multiply.

Zuckerberg introduced the metaverse and even produced a video explaining what it will look like – a stunt that famously received mixed reviews. He called the metaverse “an embodied internet where you’re in the experience, not just looking at it.” Imagine that you could meet your friends from all over the world in virtual reality, discuss business with partners without leaving your office, or access fantasy worlds you’ve always dreamed about. That’s what Zuckerberg has in mind.

Advertisers and online merchants – not to mention Meta itself – have other ideas, however.

Some other data points from the NordVPN study:

  • 47% don’t trust that their identity will be legally protected    
  • 45% fear that even more data can be collected and used against them
  • 43% are concerned about not being sure of the identity of others
  • 41% think it will be hard to safeguard their real identity from their metaverse identity
  • 37% fear that their transactions won’t be very secure
  • Once the metaverse was described to respondents, 66% said they think the metaverse can replace social media as we currently know and use it.

What is  biometrically inferred data?

Kavya Pearlman, founder of the XR Safety Initiative, a nonprofit that advocates for the ethical development of immersive technologies, told VentureBeat that “privacy is all about the data collection. Because there is this enormous amount of data [that will be harvested], you can’t have the convergence of these environments. That’s what I am most concerned about.

“This is now all about biometrically inferred data,” Pearlman said. “Our data privacy laws need to be updated because they are inadequate. This enormous eye-tracking, gait-tracking the way you move, the way you walk – all this analysis – can infer a lot of information about you. And then there are the intersections of these other technologies, which is just like a brain-computer interface that will provide the alpha, beta, gamma – and even your thoughts – at some point. What happens to privacy when our thoughts are not even protected?”

All this information – stacked in cloud storage and constantly being analyzed by multiple buyers – could give companies a greater ability to understand individual traits, Pearlman said. An insurance company, for example, might see a behavioral clue inferring a customer’s health problem before the person notices anything herself. “Now, the data is in inferences,” Pearlman said.

One common denominator about all of this that our sources agree upon is that this is only the beginning of a new phase of commerce and socialization on the internet. As time and tech move on, the results of the success of data privacy policies, software, and hardware will become apparent. The other item everybody agrees on is that national, international and local laws and regulations will lag far behind the advancement of  technology, as it has for decades.

Some other varying perspectives on the coming battle between data privacy and the metaverse:

Peter Evans, CEO of Patriot One Technologies: We don’t expect the issues of data privacy or security to go away with the metaverse. As an industry, we see repeated examples where technology gets way ahead of security, data privacy, and good governance … and the world’s zeal to play with new and interesting things and leverage them for business benefit, competitive advantage, and profit. 

All the issues that we’ve recently seen in the press about Facebook’s use of data to drive marketing and revenue are examples of a marketing opportunity getting ahead of good governance, security, and protection.

This has been going on for 20+ years, going back to the first introduction of the internet, online banking and ecommerce, AI and facial recognition, etc.

We see these issues repeating themselves over and over again, with governments and data privacy often lagging. By the time the world opens its eyes to the data privacy data management issues, it’s too late, because the horse has left the barn. With each new iteration of innovation, we see an order-of-magnitude jump in both business benefits as well as the complexity of data privacy issues. I expect that we will see the same with the metaverse.

Ben Brook, CEO of Transcend, a data privacy software provider: In the beginning, the metaverse can actually be good for privacy because people can adopt anonymous avatars. But over time, as we spend more time in the metaverse and our avatar becomes a bigger portion of our life (in a sense, we become our avatars and we shop as it, we consume content as it, and we form relationships as it), then all the same privacy principles will apply.

It’s still too early to say what specific protections it will require as usage evolves, but the reality is we’re not starting from the most solid foundation. In many jurisdictions, consumers don’t yet have the protections they need for today, let alone for the metaverse and the myriad new ways their data may be used (and abused) tomorrow.

More data means advertisers have a substantially richer cupboard to mine for far deeper targeting, often using the same platforms that are speaking most loudly about the metaverse’s potential.

David Blonder, senior director, legal counsel, regulatory and privacy and data protection officer at BlackBerry: With the metaverse and creating a hybrid-reality, it’s important to remember one simple truism: people will trade security for convenience. The metaverse will see considerably more user interaction than a cellphone. Therefore, it is not unreasonable to assume it would collect much more information and attract many more attackers as well. For security to succeed in the metaverse, it will have to be implemented in a way that is robust without negatively impacting user convenience.

Originally appeared on: TheSpuzz